Singapore Cloud Security Summit 2025

As financial institutions shift to cloud-first strategies, the goal must evolve from just meeting compliance to actively building cyber resilience. This keynote explores how to integrate governance, risk, and security in ways that are both regulatory-aligned and business-driven.

• Moving from reactive controls to proactive cloud security strategies
• Using automation to drive actionable, real-time cyber defense
• Positioning security as a business enabler, not a blocker
• Creating a flexible cyber playbook that scales with regulation and growth

Enterprise applications are deployed across a wide range of cloud environments, each with their own security controls of various capabilities. In the meantime, the threat landscape for web applications has become increasingly sophisticated, and has seen common threats like Bot, DDoS, and Application attacks persist and grow in complexity.

• The evolving nature of Bot, DDoS, and Layer 7 application attacks — and why they continue to succeed
• Architecting a consistent security inspection and enforcement layer at the edge, independent of origin infrastructure
• Leveraging DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline

Singapore’s proposed Digital Infrastructure Act aims to regulate cloud and data centre operators as critical infrastructure. This session explores what organisations need to know now to prepare for heightened expectations around resilience, incident response, and security controls—before the law comes into force.

• What key requirements are expected under the new Digital Infrastructure Act?
• How will the Act shift risk, accountability, and oversight expectations?
• What should CSPs and customers do today to prepare?
• How will this regulation affect procurement and cloud strategy in 2025?

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

Email remains the primary attack vector, and security teams are under pressure as threats grow more sophisticated, leveraging cloud platforms and generative AI to bypass legacy defenses. Current security controls are not enough to stop these novel, behavior-based attacks. How do we step up our defenses against these email threats then?

This session will provide an insight into:

• What is the top of mind for the security team today in terms of email as the #1 attack vector
• Why is email as an attack vector a problem
• How do we solve the problem with behavioral AI

As fintechs across Southeast Asia race to scale operations, adopting multi-cloud strategies has become a business imperative. However, with this agility comes a new breed of risks — regulatory fragmentation, cross-border data governance, vendor lock-in, and complex threat landscapes, the session will cover:

• Navigating regulatory expectations across SEA
• Designing unified security baselines across heterogeneous cloud environments
• Embedding real-time monitoring, threat detection, and automated compliance reporting
• Mitigating vendor-specific risks and third-party exposures
• Building a cloud governance model aligned with Regulatory Bodies

Whether you're a cloud architect, compliance leader, or CISO, this session will provide actionable insights into managing complexity while embracing innovation at scale in fintech.

‍

The risks in open-source AI models mirror those in traditional open-source libraries, including vulnerabilities, malicious code and licensing issues, while also introducing unique challenges when consuming the models. This talk will delve into the complexities of these risks, examining the challenges they pose and the importance of understanding them in today’s AI-driven landscape.

Cloud security is evolving fast, with tighter rules, more complex threats, and greater reliance on large‑scale cloud providers. This panel will explore how organisations can strengthen their security and adapt to these shifts.

We’ll discuss:

• How can organisations strengthen cloud security while meeting new regulatory demands?
• How can we protect cloud workloads and data from emerging threats?
• What’s the bigger cloud risk — AI‑powered attacks or unsafe use of AI by internal teams?
• How will data sovereignty and localisation rules impact multi‑cloud strategies?

Roundtable Discussions:

‍
Choose 1 topic to join on the day!

Put your cloud security knowledge to the test in this fast-paced quiz covering real-world threats, key concepts, and emerging trends. Compete for bragging rights—and a travel voucher—as the top scorer takes the crown.

As organisations modernise and embrace both cloud and AI, cybersecurity accountability can’t be left to the technology team alone. Every member of the C-suite plays a role in ensuring that innovation doesn’t outpace security. In this session, Nicki will share practical strategies and conversation starters for engaging senior leaders, aligning risk ownership, and making sure AI adoption and cloud migration are treated as collective responsibilities—not opportunities to offload risk.

• How to align AI and cloud security priorities across the C-suite
• Practical ways to embed shared accountability for cyber risk in leadership teams
• Ensuring non-technical leaders understand the security implications of AI in cloud environments

‍

As cloud adoption accelerates, Singapore must redefine accountability across regulators, providers, and customers. Who owns the risk—and who answers when things go wrong?

• Is shared responsibility outdated in 2025’s cloud ecosystem?
• What must every cloud SLA include moving forward?
• Who’s liable when outages or breaches impact customers?
• How can customers gain control without owning infrastructure?